Subject: Re: [xacml-users] Hierarchical resources policy and request file
Hi Seth,

Where can I find detailed documentation about different functions supported for 1.2 and 2.0?

I switched back to what Anne has suggested. The changed request and policy xml files are attached.

changes in request.xml :
--------------
In the request.xml, the datatype of "subject-company" attribute is changed to http://www.w3.org/2001/XMLSchema#anyURI and similarly datatype of resource-id of resource in the request is changed to anyURI.

changes in policy.xml:
----------------------
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
      <SubjectAttributeDesignator AttributeId="urn:namespace:subject-company" DataType="xs:anyURI" />
      <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="xs:anyURI" />
    </Apply>
    </Condition>

I get the below exception :
---------------------------------------------------
Jul 4, 2006 2:37:01 PM com.sun.xacml.finder.impl.FilePolicyModule loadPolicy
WARNING: Error reading policy from file C:\sun xacml\sunxacml-1.2\sample\policy\company_policy.xml
java.lang.NullPointerException
    at com.sun.xacml.cond.Apply.getFunction(Apply.java:285)
    at com.sun.xacml.cond.Apply.getInstance(Apply.java:206)
    at com.sun.xacml.cond.Apply.getConditionInstance(Apply.java:170)
    at com.sun.xacml.Rule.getInstance(Rule.java:181)
    at com.sun.xacml.Policy.<init>(Policy.java:215)
    at com.sun.xacml.Policy.getInstance(Policy.java:237)
    at com.sun.xacml.finder.impl.FilePolicyModule.loadPolicy(FilePolicyModule.java:321)
    at com.sun.xacml.finder.impl.FilePolicyModule.init(FilePolicyModule.java:218)
    at com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:141)
    at com.sun.xacml.PDP.<init>(PDP.java:107)
    at SimplePDP.<init>(SimplePDP.java:211)
    at SimplePDP.main(SimplePDP.java:312)
---------------------------------------------------

Thanks,
Dhirendra Sharma

--- Seth Proctor <Seth.Proctor@sun.com> wrote:
>
> Hi Dhirendra. The problem is that your Condition function (string-is-in)
> takes a bag and a string, but you've passed it two bags. Try fixing that
> and let me know what happens.
>
>
> seth

<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:1.0:context"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context cs-xacml-schema-context-01.xsd">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>xmic001</AttributeValue>
    </Attribute>
    <Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP -->
    </Attribute>
    <Attribute AttributeId="subject-company"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>18021</AttributeValue> <!-- Top level company that this belongs to from LDAP -->
    </Attribute>
    <!-- Get all the tree starting from 18021 and below -->
    <!--
    <Attribute AttributeId="urn:namespace:subject-company-level"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>TREE</AttributeValue>
    </Attribute>
    -->
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>180822</AttributeValue> <!-- Company to be read -->
    </Attribute>
    <!--
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Descendants</AttributeValue>
    </Attribute>
    -->
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>ReleaseCar</AttributeValue>
    </Attribute>
  </Action>
</Request>

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        PolicyId="WCM-Release-Car_Policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description> Sample tree : 180820 / \ 180821 180822 / \ 180823 180824 </Description>
  <!-- =============================================================================================== -->
  <Target>
    <Subjects>
      <AnySubject/>
    </Subjects>
    <Resources>
      <AnyResource/>
    </Resources>
    <Actions>
      <AnyAction/>
    </Actions>
  </Target>
  <!-- =============================================================================================== -->
  <Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
    <Target>
      <Subjects>
        <AnySubject/>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
        <SubjectAttributeDesignator AttributeId="urn:namespace:subject-company" DataType="xs:anyURI" />
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="xs:anyURI" />
      </Apply>
    </Condition>
  </Rule>
  <!-- =============================================================================================== -->
</Policy>
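
An added example, not part of the original message or of the Sun XACML code: a small Python linter for the rule Seth describes (an is-in function takes a single value followed by a bag, and attribute designators always produce bags). It also checks two XACML 1.0 schema facts that the posted condition runs into: a Condition element carries its own FunctionId, and DataType must be a full identifier rather than a prefixed name such as xs:anyURI. The REWRITTEN condition, the finding codes and the prefix heuristic for DataType are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:1.0:policy}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
XSD = "http://www.w3.org/2001/XMLSchema#"
RES_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
WRAP = '<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"><Rule>%s</Rule></Policy>'

# Condition as posted in the thread.
POSTED = WRAP % f'''<Condition><Apply FunctionId="{FN}anyURI-is-in">
  <SubjectAttributeDesignator AttributeId="urn:namespace:subject-company" DataType="xs:anyURI"/>
  <ResourceAttributeDesignator AttributeId="{RES_ID}" DataType="xs:anyURI"/>
</Apply></Condition>'''

# Constructed rewrite (an assumption about intent): one resource-id tested against the bag of companies.
REWRITTEN = WRAP % f'''<Condition FunctionId="{FN}anyURI-is-in">
  <Apply FunctionId="{FN}anyURI-one-and-only">
    <ResourceAttributeDesignator AttributeId="{RES_ID}" DataType="{XSD}anyURI"/>
  </Apply>
  <SubjectAttributeDesignator AttributeId="urn:namespace:subject-company" DataType="{XSD}anyURI"/>
</Condition>'''

def is_bag(node):
    """Designators and selectors always yield a bag; so do the bag-building functions."""
    tag = node.tag.replace(NS, "")
    if tag.endswith("AttributeDesignator") or tag == "AttributeSelector":
        return True
    return node.get("FunctionId", "").endswith(("-bag", "-union", "-intersection"))

def lint(policy_xml):
    """Return finding codes for three XACML 1.0 structural checks, in document order."""
    findings = []
    for node in ET.fromstring(policy_xml).iter():
        if node.tag == NS + "Condition" and node.get("FunctionId") is None:
            findings.append("condition-missing-functionid")
        dt = node.get("DataType")
        if dt is not None and not dt.startswith(("http://", "urn:")):
            findings.append("datatype-not-full-identifier")
        if node.get("FunctionId", "").endswith("-is-in"):
            args = list(node)
            if len(args) != 2 or is_bag(args[0]) or not is_bag(args[1]):
                findings.append("is-in-needs-value-then-bag")
    return findings

if __name__ == "__main__":
    print("posted:   ", lint(POSTED))
    print("rewritten:", lint(REWRITTEN))
```

Running a check like this before handing a policy to the PDP reports a malformed condition as a named finding instead of a load-time exception.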